U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-270)

Vulnerability Summary for the Week of September 19, 2016

Original release date: September 26, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.2016-09-1610.0CVE-2016-6937
CONFIRM
adobe -- acrobatUse-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.2016-09-1610.0CVE-2016-6938
CONFIRM
apache -- cxf_fedizThe application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.2016-09-217.5CVE-2016-4464
CONFIRM
MLIST
CONFIRM
apple -- xcodeotool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.2016-09-187.2CVE-2016-4704
APPLE
CONFIRM
apple -- xcodeotool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.2016-09-187.2CVE-2016-4705
APPLE
CONFIRM
artifex -- mupdfHeap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.2016-09-227.5CVE-2016-6525
CONFIRM
CONFIRM
DEBIAN
MLIST
BID
aver -- eh6108h+_firmwareAVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.2016-09-1810.0CVE-2016-6535
CERT-VN
aver -- eh6108h+_firmwareThe /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.2016-09-1810.0CVE-2016-6536
CERT-VN
cisco -- webex_meetings_serverCisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.2016-09-179.3CVE-2016-1482
CISCO
cisco -- webex_meetings_serverCisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.2016-09-187.8CVE-2016-1483
CISCO
cisco -- cloud_services_platform_2100The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.2016-09-229.0CVE-2016-6373
CISCO
cisco -- cloud_services_platform_2100Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.2016-09-227.5CVE-2016-6374
CISCO
cisco -- unified_computing_systemUCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.2016-09-187.2CVE-2016-6402
CISCO
cisco -- email_security_applianceCisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.2016-09-2210.0CVE-2016-6406
CISCO
cisco -- iosiox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.2016-09-227.2CVE-2016-6414
CISCO
dentsply_sirona -- cdr_dicomDentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.2016-09-2010.0CVE-2016-6530
CERT-VN
CONFIRM
emc -- avamar_serverAvamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.2016-09-207.2CVE-2016-0905
BUGTRAQ
emc -- vnx1_oe_firmwareThe SMB service in EMC VNXe, VNX1 File OE before 7.1.80.3, and VNX2 File OE before 8.1.9.155 does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.2016-09-207.5CVE-2016-0917
BUGTRAQ
emc -- avamar_serverAvamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.2016-09-207.2CVE-2016-0920
BUGTRAQ
flex_project -- flexHeap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.2016-09-217.5CVE-2016-6354
DEBIAN
MLIST
MLIST
CONFIRM
fortinet -- fortiwanFortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.2016-09-219.0CVE-2016-4965
CONFIRM
CONFIRM
BID
CERT-VN
hp -- loadrunnerHPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.2016-09-209.0CVE-2016-4384
CONFIRM
huawei -- ws331a_router_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.2016-09-217.1CVE-2016-6158
CONFIRM
huawei -- usg2100_firmwareBuffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.2016-09-227.1CVE-2016-6669
CONFIRM
icu_project -- international_components_for_unicodeStack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.2016-09-177.5CVE-2016-7415
MLIST
MISC
lenovo -- biosThe BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.2016-09-227.2CVE-2016-5247
BID
CONFIRM
libarchive -- libarchiveInteger overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.2016-09-217.5CVE-2016-6250
MLIST
MLIST
SECTRACK
CONFIRM
CONFIRM
MISC
CONFIRM
mariadb -- mariadbOracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.2016-09-2010.0CVE-2016-6662
MISC
FULLDISC
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
CONFIRM
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-09-227.5CVE-2016-5256
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-09-227.5CVE-2016-5257
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxHeap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.2016-09-227.5CVE-2016-5270
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.2016-09-227.5CVE-2016-5274
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.2016-09-227.5CVE-2016-5276
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.2016-09-227.5CVE-2016-5277
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.2016-09-227.5CVE-2016-5280
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.2016-09-227.5CVE-2016-5281
MISC
CONFIRM
CONFIRM
openjpeg -- openjpegUse-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.2016-09-217.5CVE-2015-8871
DEBIAN
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
otrs -- faqMultiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.2016-09-169.0CVE-2016-5843
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- phpext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.2016-09-177.5CVE-2016-7411
MLIST
CONFIRM
CONFIRM
CONFIRM
php -- phpUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.2016-09-177.5CVE-2016-7413
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- phpThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.2016-09-177.5CVE-2016-7414
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- phpext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.2016-09-177.5CVE-2016-7417
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pivotal -- cloud_foundry_elastic_runtimePivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.2016-09-177.5CVE-2016-0896
CONFIRM
pivotal -- operations_managerPivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.2016-09-177.5CVE-2016-0897
CONFIRM
pivotal -- rabbitmqThe metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.2016-09-177.8CVE-2016-0929
CONFIRM
redhat -- quickstart_cloud_installerRed Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.2016-09-227.2CVE-2016-6322
BID
CONFIRM
rockwellautomation -- rslogix_500_professional_editionBuffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.2016-09-189.3CVE-2016-5814
MISC
xen -- xenXen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.2016-09-217.2CVE-2016-7093
CONFIRM
SECTRACK
CONFIRM
CONFIRM
xen -- xenUse-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.2016-09-217.2CVE-2016-7154
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
yokogawa -- stardom_fcn/fcjYokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.2016-09-187.5CVE-2016-4860
MISC
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- air_sdk_&_compilerAdobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.2016-09-165.0CVE-2016-6936
CONFIRM
MISC
apache -- zookeeperBuffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.2016-09-216.8CVE-2016-5017
MISC
MLIST
CONFIRM
CONFIRM
CONFIRM
apache -- jackrabbitCross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.2016-09-216.8CVE-2016-6801
MLIST
CONFIRM
apache -- shiroApache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.2016-09-205.0CVE-2016-6802
MISC
BUGTRAQ
BID
apple -- safariThe TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.2016-09-206.8CVE-2015-8960
MISC
MLIST
MISC
MISC
apple -- iphone_osThe Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.2016-09-184.3CVE-2016-4620
APPLE
CONFIRM
apple -- iphone_osThe GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.2016-09-184.3CVE-2016-4719
APPLE
CONFIRM
apple -- iphone_osThe Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.2016-09-184.3CVE-2016-4741
APPLE
CONFIRM
apple -- iphone_osThe Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.2016-09-185.0CVE-2016-4746
APPLE
CONFIRM
apple -- iphone_osMail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.2016-09-184.3CVE-2016-4747
APPLE
CONFIRM
artifex -- mupdfUse-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.2016-09-224.3CVE-2016-6265
CONFIRM
CONFIRM
SUSE
MLIST
BID
aver -- eh6108h+_firmwareAVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.2016-09-185.0CVE-2016-6537
CERT-VN
charybdis_project -- charybdisThe m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.2016-09-216.8CVE-2016-7143
DEBIAN
MLIST
MLIST
CONFIRM
CONFIRM
cisco -- iosThe Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.2016-09-224.3CVE-2014-2146
MISC
MISC
CISCO
cisco -- ios_xrCisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.2016-09-185.0CVE-2016-1433
CISCO
cisco -- carrier_routing_systemCisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.2016-09-165.7CVE-2016-6401
CISCO
cisco -- iosThe Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.2016-09-184.3CVE-2016-6403
CISCO
cisco -- iosCross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.2016-09-184.3CVE-2016-6404
CISCO
cisco -- fog_directorCisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.2016-09-186.8CVE-2016-6405
CISCO
cisco -- web_security_applianceCisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.2016-09-165.0CVE-2016-6407
CISCO
cisco -- iosThe server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.2016-09-185.0CVE-2016-6415
CISCO
cloud_foundry -- php_buildpackCloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.2016-09-175.0CVE-2016-6639
CONFIRM
CONFIRM
emc -- avamar_serverAvamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.2016-09-206.4CVE-2016-0903
BUGTRAQ
emc -- avamar_serverAvamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.2016-09-205.0CVE-2016-0904
BUGTRAQ
emc -- avamar_serverAvamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.2016-09-206.9CVE-2016-0921
BUGTRAQ
emc -- vipr_srmEMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.2016-09-175.0CVE-2016-0922
BUGTRAQ
emc -- vipr_srmCross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.2016-09-175.8CVE-2016-6642
BUGTRAQ
emc -- vipr_srmCross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-09-174.3CVE-2016-6643
BUGTRAQ
emc -- documentum_d2EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.2016-09-175.0CVE-2016-6644
BUGTRAQ
fortinet -- fortiwanThe diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.2016-09-214.0CVE-2016-4966
CONFIRM
CONFIRM
BID
CERT-VN
fortinet -- fortiwanFortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.2016-09-214.0CVE-2016-4967
CONFIRM
CONFIRM
BID
CERT-VN
fortinet -- fortiwanThe linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.2016-09-214.0CVE-2016-4968
CONFIRM
CONFIRM
BID
CERT-VN
fortinet -- fortiwanCross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.2016-09-214.3CVE-2016-4969
CONFIRM
CONFIRM
BID
CERT-VN
hp -- performance_centerHPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.2016-09-206.0CVE-2016-4382
CONFIRM
huawei -- ws331a_router_firmwareThe management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.2016-09-216.8CVE-2016-6159
CONFIRM
huawei -- ac6003_firmwareHuawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.2016-09-226.8CVE-2016-6824
CONFIRM
BID
libarchive -- libarchivebsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.2016-09-204.3CVE-2015-8915
MLIST
MLIST
MISC
MISC
libarchive -- libarchivebsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.2016-09-204.3CVE-2015-8916
MLIST
MLIST
UBUNTU
MISC
CONFIRM
CONFIRM
libarchive -- libarchivebsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.2016-09-205.0CVE-2015-8917
MLIST
MLIST
UBUNTU
MISC
CONFIRM
CONFIRM
libarchive -- libarchiveThe archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."2016-09-205.0CVE-2015-8918
SUSE
MLIST
MLIST
MISC
CONFIRM
libarchive -- libarchiveThe lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.2016-09-205.0CVE-2015-8919
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.2016-09-204.3CVE-2015-8920
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.2016-09-205.0CVE-2015-8921
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe read_CodersInfo cuntion in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer derference and crash) via a crafted 7z file, related to the _7z_folder struct.2016-09-204.3CVE-2015-8922
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
CONFIRM
libarchive -- libarchiveThe process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.2016-09-204.3CVE-2015-8923
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.2016-09-204.3CVE-2015-8924
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.2016-09-204.3CVE-2015-8925
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.2016-09-204.3CVE-2015-8926
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.2016-09-204.3CVE-2015-8927
MLIST
MLIST
MISC
MISC
libarchive -- libarchiveThe process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.2016-09-204.3CVE-2015-8928
SUSE
MLIST
MLIST
UBUNTU
CONFIRM
libarchive -- libarchiveMemory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.2016-09-204.3CVE-2015-8929
SUSE
MLIST
MLIST
MISC
CONFIRM
libarchive -- libarchivebsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.2016-09-205.0CVE-2015-8930
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveMultiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.2016-09-206.8CVE-2015-8931
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
MISC
libarchive -- libarchiveThe compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.2016-09-204.3CVE-2015-8932
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
CONFIRM
libarchive -- libarchiveInteger overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.2016-09-204.3CVE-2015-8933
SUSE
MLIST
MLIST
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveThe copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.2016-09-204.3CVE-2015-8934
SUSE
MLIST
MLIST
CONFIRM
UBUNTU
MISC
CONFIRM
libarchive -- libarchiveInteger overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.2016-09-216.8CVE-2016-4300
MISC
REDHAT
BID
MISC
CONFIRM
CONFIRM
CONFIRM
libarchive -- libarchiveStack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.2016-09-216.8CVE-2016-4301
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
libarchive -- libarchiveHeap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.2016-09-216.8CVE-2016-4302
MISC
CONFIRM
REDHAT
BID
MISC
CONFIRM
CONFIRM
libarchive -- libarchiveThe archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.2016-09-215.0CVE-2016-4809
REDHAT
REDHAT
BID
CONFIRM
CONFIRM
CONFIRM
libarchive -- libarchiveThe sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.2016-09-215.0CVE-2016-5418
REDHAT
REDHAT
MLIST
REDHAT
REDHAT
CONFIRM
MISC
CONFIRM
CONFIRM
libarchive -- libarchiveInteger overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.2016-09-214.3CVE-2016-5844
REDHAT
REDHAT
MLIST
MLIST
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
libarchive -- libarchivelibarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.2016-09-214.3CVE-2016-7166
REDHAT
REDHAT
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libtiff_project -- libtiffThe _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.2016-09-216.8CVE-2016-3632
CONFIRM
MLIST
CONFIRM
BID
CONFIRM
libtiff_project -- libtiffMultiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.2016-09-216.8CVE-2016-3945
CONFIRM
MLIST
CONFIRM
BID
CONFIRM
libtiff_project -- libtiffHeap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.2016-09-216.8CVE-2016-3990
CONFIRM
MLIST
CONFIRM
BID
CONFIRM
libtiff_project -- libtiffHeap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.2016-09-216.8CVE-2016-3991
CONFIRM
MLIST
CONFIRM
BID
CONFIRM
mozilla -- firefoxThe mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.2016-09-224.3CVE-2016-2827
CONFIRM
CONFIRM
mozilla -- firefoxThe PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.2016-09-224.3CVE-2016-5271
CONFIRM
CONFIRM
mozilla -- firefoxThe nsImageGeometryMixin class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.2016-09-226.8CVE-2016-5272
CONFIRM
CONFIRM
mozilla -- firefoxThe mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.2016-09-226.8CVE-2016-5273
CONFIRM
CONFIRM
mozilla -- firefoxBuffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.2016-09-226.8CVE-2016-5275
CONFIRM
CONFIRM
mozilla -- firefoxHeap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.2016-09-226.8CVE-2016-5278
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.2016-09-224.3CVE-2016-5279
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.2016-09-224.3CVE-2016-5282
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.2016-09-226.8CVE-2016-5283
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.2016-09-224.3CVE-2016-5284
MLIST
CONFIRM
CONFIRM
CONFIRM
MISC
openjpeg -- openjpegInteger overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.2016-09-216.8CVE-2016-7163
DEBIAN
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
php -- phpext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.2016-09-176.8CVE-2016-7412
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- phpext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.2016-09-175.0CVE-2016-7416
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- phpThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.2016-09-175.0CVE-2016-7418
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pivotal -- operations_managerPivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.2016-09-175.0CVE-2016-0883
CONFIRM
pivotal -- cloud_foundry_elastic_runtimeCross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.2016-09-174.3CVE-2016-0926
CONFIRM
pivotal -- cloud_foundry_elastic_runtimeCross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-09-174.3CVE-2016-0927
CONFIRM
pivotal -- cloud_foundry_elastic_runtimeMultiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2016-09-175.8CVE-2016-0928
CONFIRM
pivotal -- operations_managerPivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.2016-09-175.0CVE-2016-0930
CONFIRM
powerdns -- authoritativePowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.2016-09-215.0CVE-2016-5426
MLIST
CONFIRM
CONFIRM
powerdns -- authoritativePowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.2016-09-215.0CVE-2016-5427
MLIST
CONFIRM
CONFIRM
trane -- tracer_scThe web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.2016-09-185.0CVE-2016-0870
MISC
trane -- tracer_scABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.2016-09-186.9CVE-2016-4526
MISC
CONFIRM
xen -- xenThe get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.2016-09-216.8CVE-2016-7092
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- iphone_osApple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.2016-09-181.9CVE-2016-4740
APPLE
CONFIRM
apple -- iphone_osPrinting UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.2016-09-182.1CVE-2016-4749
APPLE
CONFIRM
emc -- rsa_bsafeThe client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.2016-09-172.6CVE-2016-0923
BUGTRAQ
emc -- rsa_bsafeThe TLS 1.2 implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 supports MD5 signatures, which makes it easier for man-in-the-middle attackers to impersonate clients via a transcript-collision attack.2016-09-172.6CVE-2016-0924
BUGTRAQ
MISC
emc -- rsa_adaptive_authentication_on-premiseCross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2016-09-203.5CVE-2016-0925
BUGTRAQ
emc -- vipr_srmCross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2016-09-173.5CVE-2016-6641
BUGTRAQ
nextcloud -- nextcloudCross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.2016-09-173.5CVE-2016-7419
CONFIRM
MISC
CONFIRM
CONFIRM
redhat -- quickstart_cloud_installerThe kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.2016-09-222.1CVE-2016-6340
BID
CONFIRM
xen -- xenBuffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.2016-09-211.5CVE-2016-7094
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info

cisco -- application_hosting _framework

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.2016-09-23Not Yet CalculatedCVE-2016-6412
CISCO
cisco -- application_hosting _frameworkThe Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.2016-09-23Not Yet CalculatedCVE-2016-6410
CISCO
cisco -- application_policy_infrastructure_controllerThe installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.2016-09-23Not Yet CalculatedCVE-2016-6413
CISCO
cisco -- data_in_motionThe Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.2016-09-23Not Yet CalculatedCVE-2016-6409
CISCO
cisco -- firepower_management_center _and_firesight_systemCisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.2016-09-23Not Yet CalculatedCVE-2016-6411
CISCO
cisco -- prime_homeCisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.2016-09-23Not Yet CalculatedCVE-2016-6408
CISCO
dexis -- imaging_suite_10DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.2016-09-24Not Yet CalculatedCVE-2016-6532
CERT-VN
emc -- rsa_identity_management_and_governanceEMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.2016-09-24Not Yet CalculatedCVE-2016-0918
BUGTRAQ
i_o_data_device -- i_o_data_devicesCross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.2016-09-24Not Yet CalculatedCVE-2016-4845
JVN
JVNDB
CONFIRM
moxa -- active_opc_serverUnquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.2016-09-24Not Yet CalculatedCVE-2016-5793
MISC
open_dental -- open_dental** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction."2016-09-24Not Yet CalculatedCVE-2016-6531
CERT-VN
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top